System for testing the authenticity of a data carrier

ABSTRACT

A system for testing the authenticity of a data carrier determines the physical property of the data carrier from an irreversibly adjustable electric state of a circuit present separately on the integrated circuit, and uses the electric property of the circuit for establishing a characteristic value for the data carrier.

This invention relates to a system for testing the authenticity of a data carrier.

A system of this type is known e.g. from EP-A1 0 313 967. From this publication it is known to selectively influence the physical fine structure of the IC during chip production and thus incorporate certain structures on or in the integrated circuit that are evaluatable as a physical property characterizing the circuit. In this connection this publication proposes providing the chip with a metallic coating having a random surface structure which is scannable via a resistance measurement at several places, the obtained resistance profile being stored in the form of characteristic data for determining the authenticity of the data carrier. External access to the characteristics storage is no longer possible after burning out of a fuse, e.g. after the initialization phase.

The above system has the disadvantage, however, that the resistance profile is not only elaborate in terms of measurement technology and difficult to determine but is sometimes even unclear, thereby impairing the reliability of the test procedure. Furthermore, the known method cannot ascertain faulty burnings, whereby the fuse was not brought properly from the electroconductive to the nonconductive state, or subsequent manipulation of a properly burned out fuse, both of which would permit unauthorized access to the characteristics storage.

The object of the invention is to propose a system for testing the authenticity of data carriers which permits more reliable determination of authenticity and better protection of sensitive areas of the data carrier, whereby the physical property determined by the integrated circuit should be detectable with little effort in terms of measurement technology.

This problem is solved according to the invention by the features stated in the claims.

The invention is characterized in that a separate circuit is provided on the integrated circuit of the data carrier, which the semiconductor maker realizes by slightly changing the design of the integrated circuit. The circuit has an irreversibly adjusted electric state characterizing the circuit which is used for establishing a characteristic value for the data carrier and evaluated for determining authenticity.

In a first embodiment the circuit of the integrated circuit includes at least one network consisting of passive components and can additionally contain a control logic for driving switching elements. In a preferred embodiment example this network is executed as a resistor string between an outer free contact connection, which serves as a measuring connection, and the ground connection of the data carrier. For coding this resistor string, which can consist of binomially constructed resistors, fuses are connected in parallel with each series-connected resistor, which are burned out according to the desired coding. Burning out of the fuses is possible only in the test mode, i.e. after the chip has been tested and found good. When the fuses are being burned out an accordingly high current is driven to ground from the free outer measuring connection, the control logic guaranteeing that only those fuses are burned out whose parallel-connected switches are open according to the desired coding. After coding of the resistor string a fuse located between the control logic and the switching elements and unrecognizable without special aids can be burned out to prevent the control logic from being operated in the test mode again. This guarantees that the coding of the network can only be done within the test mode by the semiconductor maker. The coding can for example yield a continuous number, i.e. an individual identification for the integrated circuit, or else be a class feature for the integrated circuit. The expert will of course recognize that the invention is not restricted to the realization of a resistor string, but that other passive components, for example capacitors or inductors, can also be used for the network characterizing the circuit.

Alternatively a test connection (test pad) can be provided instead of an additional control logic for the switching elements for each resistor with a parallel-connected fuse. These pads are available for example after production and during the wafer test. After the chip has been tested and found good, the semiconductor maker drives a high current to the test connections in such a way that the combination of burned out fuses yields the desired coding of the resistor string. The switch-over from the test mode to the user mode can be done by burning out a fuse and/or programming EEPROM or EPROM cells and is irreversible.

In the first embodiment the authenticity testing can take place as follows. The physical property of the network, for example the total resistance value of a binomially coded resistor string, is measured by an external device and then digitized to encode the digital value with the help of a secret code stored in the device. This digital value encoded by the device and connected with the physical property of the network is compared with a characteristic value received from the data carrier. The characteristic value contained in a memory area of the data carrier likewise renders the physical property of the network in an encoded form.

This characteristic value can e.g. be written into a memory in the data carrier during personalization of the data carrier. The writing of the characteristic value and other personal sensitive data takes place during personalization in a protected environment, thereby guaranteeing that only an authorized person can perform the personalization of the data carriers. This can be attained in simple fashion for example if the operator must prove his identity to the device by entering a secret code. The personalization device verifies before operation whether the entered code matches the one stored in the device. To protect the personalization data, such as transaction limit, PIN, etc., from duplication these data can be logically combined with the measured physical property of the network during personalization of the data carrier and the result of logical combination written into the memory of the data carrier by the personalization device.

In a development of the invention a switching element can also be provided which releases the physical property of the network, under the control of a logic unit of the data carrier, for external measurement at a predetermined time and for a predetermined duration. This has the advantage that the authenticity structure of the integrated circuit executed as a separate network is available for external measurement only for a certain time and the authenticity structure is undetectable externally, and thus hidden, outside this time. For example the logic unit of the data carrier releases the physical property of the network for measurement upon reception of a reset signal up to the time of the answer to reset (ATR) transmitted by the card. Only within this system-specific time window is the physical property of the network detectable. The data carrier can of course test the authenticity of the device connected with the data carrier before the physical property of the network is released, in order to ensure that the physical property of the network is released only to an authentic device, i.e. one authorized for measurement. Furthermore the device can verify with the help of a time-keeping device whether the time during which the physical property of the network is released for measurement by the logic unit of the data carrier is within a system-specific time window. Such a time window must of course always be chosen in accordance with a data exchange protocol stipulated between the communication participants. The particular adaptation of the time window to the application-specific data exchange protocol is a matter of the knowledge and skill of an expert and will not be described more fully here.

In a second embodiment the circuit includes at least one fuse whose electric state after burning out is checked internally in the data carrier and stored in the form of a characteristic value in a memory area of the data carrier. The characteristic value can be transferred for authenticity testing to the apparatus communicating with the data carrier, or be processed internally for blocking the data carrier if necessary. The data are transferred to the apparatus in such a way that no conclusion can be drawn on the actual electric state of the fuse.

The electric property of the fuse is preferably checked at each operation of the data carrier with a signal already necessary for operating the integrated circuit. This makes it possible to ascertain faulty burnings, whereby the fuse was not brought properly from the electroconductive to the nonconductive state, with little technical effort. Furthermore the invention permits ascertainment of later manipulation of a properly burned out fuse, e.g. bridging of the fuse by means of microprobes, the operation of the integrated circuit being blocked internally in case of a faulty burning out or an ascertained manipulation. This makes the data carrier useless for any further application by the defrauder. The invention thus allows effective protection against unauthorized manipulation of an authenticity feature of a data carrier, permitting more reliable determination of the authenticity of the data carrier.

Further advantages and advantageous developments are indicated by the description of the invention with reference to the figures, in which:

FIG. 1 shows a data carrier with an integrated circuit,

FIG. 2 shows the inventive separate circuit in the form of a network with a corresponding control logic,

FIG. 3 shows the data carrier in connection with a device for authenticity testing,

FIG. 4 shows a flow chart for the authenticity testing of a data carrier,

FIG. 5 shows a further embodiment example of a separate network,

FIG. 6 shows a data carrier with means for internally testing the electric state of a separate circuit of the integrated circuit.

FIG. 1 shows data carrier 1 as is employed e.g. in cashless money transfer as a debit card or as a memory card such as a telephone card. The data carrier has an integrated circuit (IC) located on IC module 2 which can be connected electrically via contact surfaces 3 with external peripheral devices. According to a recent standard six contacts are provided, whereby one of the contacts is generally not allocated. This free connection of the IC module, designated as position 8 in the figures, is used as a measuring connection for externally measuring a physical property of the integrated circuit.

FIG. 2 shows inventive network 9 consisting of resistors 13 realized separately on the integrated circuit between connection 8 (measuring connection) and the ground connection of the data carrier. The resistors have resistance values binomially coded from left to right, i.e. beginning with the first resistor e.g. 100 ohms, second resistor 200 ohms, third resistor 400 ohms, etc., and are series-connected. Each resistor of the resistor string has fuse 12 and switching element 11 parallel-connected thereto. The switching elements can be driven e.g. by software by control logic 10 to burn out the fuses according to the desired coding. For burning out the fuse a high current, e.g. 500 mA, is driven to ground from contact 8, whereby only that fuse is burned out, with the help of the switching elements controlled by the control logic, whose particular parallel-connected switch is open. By driving the switches one can obtain the desired coding, i.e. a clearly distinguishable total resistance value, for the resistor string. In the switch position shown in FIG. 1 only the first switch is open and all others are closed, for example, resulting in a total resistance value of 100 ohms for the resistor string present between connection 8 and the ground connection. The binomial coding of the resistor string permits the combination of blown fuses to yield a clear significant total resistance value for the resistor string, which is digitally representable as a continuous number. If all possible variants are combined one thus obtains a continuous number of $i = 2^n$, whereby n corresponds to the number of resistors. Another suitable coding can of course also be chosen instead of a binomially coded resistor string. Also, the total resistance of the resistor string does not have to be individual for each integrated circuit. In some cases it may be sufficient if it is class-specific, i.e. a certain production lot of integrated circuits can be coded with one and the same total resistance of a resistor string.
After coding of the resistor string, which is done in the test mode, i.e. after the chip has been tested and found good, the connecting line between control logic 10 and switching elements 11 can be interrupted by blowing a fuse (not shown) in order to prevent the control logic from being operated subsequently in the test mode by an unauthorized third party. Thus the control logic is decoupled from the network after the coding operation so that the physical property of the network is "burned in" irreversibly. This offers high protection from manipulation on the part of an unauthorized third party.
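
The following Python model of the coded resistor string is an added illustration and not part of the patent text. It shows how the combination of blown fuses maps to a total resistance and how a measuring device can digitize a reading back into the code; the residual resistance of an intact fuse (`fuse_ohms`) and the acceptance `tolerance` are assumptions introduced here.

```python
BASE_OHMS = 100.0  # first resistor in the text's example; each next one doubles


def total_resistance(code: int, n: int, fuse_ohms: float = 0.0) -> float:
    """Resistance between measuring connection 8 and ground for n resistors.

    Bit i of `code` set means fuse i is burned out, so resistor i
    (BASE_OHMS * 2**i) lies in the series path. An intact fuse bridges its
    resistor; `fuse_ohms` is an assumed residual resistance of that fuse.
    """
    total = 0.0
    for i in range(n):
        r = BASE_OHMS * (1 << i)
        if (code >> i) & 1:
            total += r
        elif fuse_ohms > 0:
            total += r * fuse_ohms / (r + fuse_ohms)  # resistor parallel to fuse
    return total


def decode(measured_ohms: float, n: int, tolerance: float = 0.4):
    """Digitize a measured resistance into the code.

    Returns None when the reading is outside the 2**n valid values or lies
    too far from a step, i.e. the measurement is unclear and must not be
    accepted. `tolerance` is an assumed fraction of one 100-ohm step.
    """
    steps = measured_ohms / BASE_OHMS
    code = round(steps)
    if not 0 <= code < (1 << n) or abs(steps - code) > tolerance:
        return None
    return code


if __name__ == "__main__":
    n = 8
    # Every combination of blown fuses gives a distinct value: 2**n codes.
    print(len({total_resistance(c, n) for c in range(1 << n)}))
    # Constructed reading: fuses 0 and 2 blown, intact fuses at 2 ohms each.
    reading = total_resistance(0b101, n, fuse_ohms=2.0)
    print(round(reading, 2), decode(reading, n))
    print(decode(550.0, 3))  # halfway between two steps: rejected
```
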

In the following the personalization of data carriers with the inventive network will be described. First the physical property of the network is measured and the measured analog value then converted to a digital value. Subsequently the digitized measured value is encrypted with the help of a secret code. Then the encrypted physical property of the network is written into the memory unit of the data carrier as a characteristic value. Other sensitive personalization data, such as PIN, transaction limit, etc., can of course also be logically combined with the measured physical property of the network in the personalization device for writing the result of logical combination into a memory unit of the data carrier. The logical combination chosen can be e.g. an EX-OR operation which is executed by the personalization device.

FIG. 3 shows a simplified block diagram of device 18 for testing the authenticity of data carrier 1 with inventive network 9. The data carrier includes not only network 9 but also logic unit 15, memory unit 16 and optionally provided switching element 17 which connects the network, under the control of the logic unit, for a predetermined time into the measuring path formed between measuring contact 8 and the ground connection by measuring means 19 of the device. For clarity's sake measuring means 19 are shown as a block which already contains a voltage supply e.g. of 10 V and analog-to-digital converter 23 for converting the analog measured value signal to a digital value. The digitized measured physical property of the network is subsequently encoded by encrypting means 20 using a secret code which is stored in the encrypting means so as to be protected from external access. The characteristic value read out of memory unit 16 of the data carrier by reading means 22 of the device is compared with the measuring result encoded by the device with the help of comparator 21. Memory unit 16 of the data carrier can be for example an EEPROM if the physical property of the network is stored in an encoded form. If the physical property of the network measured by the device matches the characteristic value read out of the memory unit of the data carrier, the data carrier is recognized as authentic.

FIG. 4 shows very schematically the sequence of authenticity testing for a data carrier provided with a separate network located on the integrated circuit whose physical property is measurable. When the data carrier is connected with the testing device via the contact elements, the device first tests in method step 30 whether the physical property of the network is present between the ground connection and measuring connection 8, e.g. in the form of the total resistance value of a resistor string. Only if the device ascertains that the measuring path formed with the measuring means is not closed, i.e. high-ohmic, due to open switching element 17, it transmits a reset signal to the data carrier in method step 31. Upon reception of the reset signal the address counter of logic unit 15 is set to a defined initial state and the switching element closed. Method step 32 shows that switching element 17 is closed by the logic unit of the data carrier by software control up to the time of the answer to reset (ATR) of the data carrier, thus releasing the physical property of the network for measurement by the measuring means of the device within this time window. The determination of the physical property of the network, i.e. the total resistance value of the resistor string, and the following encoding using a secret code is shown in method step 33. Method step 34 shows the transmission of the characteristic value contained in the memory unit of the data carrier as the third byte in the ATR which is sent from the data carrier to the device. Method step 35 shows how the characteristic value received in the third byte of the ATR is compared with the measured variable obtained from method step 33. If the characteristic value received from the data carrier matches the measured digitized and subsequently encrypted physical property of the network, the data carrier is recognized as authentic. The result of authenticity testing can also be indicated on a display of the device, if desired.
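
The personalization step and method steps 30 to 35 can be followed in the Python sketch below, which is an added illustration and not part of the patent text. The patent does not name the encoding, so a one-byte HMAC-SHA-256 value stands in for encrypting means 20; the `Card` model, the demo secret, the ATR filler bytes and the 40 ms window limit are constructed assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass

DEMO_SECRET = b"constructed-demo-secret"  # constructed; held only by the devices


def encode(code: int, secret: bytes) -> int:
    """Stand-in for encrypting means 20: keyed one-byte value over the code."""
    return hmac.new(secret, code.to_bytes(2, "big"), hashlib.sha256).digest()[0]


def personalize(code: int, secret: bytes, data: bytes):
    """Return (characteristic value, data EX-ORed with the measured code)."""
    mask = code.to_bytes(2, "big")
    bound = bytes(b ^ mask[i % 2] for i, b in enumerate(data))
    return encode(code, secret), bound


@dataclass
class Card:
    code: int                 # digitized total resistance of network 9
    char_value: int           # characteristic value held in memory unit 16
    gated: bool = True        # switching element 17 opens the path outside the window
    release_ms: float = 20.0  # reset-to-ATR release time (constructed figure)

    def probe(self, in_window: bool):
        """What measuring means 19 sees on contact 8; None means high-ohmic."""
        return self.code if (in_window or not self.gated) else None

    def atr(self) -> bytes:
        # Constructed ATR: two filler bytes, characteristic value as third byte.
        return bytes([0x00, 0x00, self.char_value])


def check_authenticity(card: Card, secret: bytes, max_window_ms: float = 40.0) -> str:
    # Step 30: before reset the measuring path must be open (high-ohmic).
    if card.probe(in_window=False) is not None:
        return "reject: network measurable before reset"
    # Steps 31-32: reset; the card releases the network until its ATR.
    measured = card.probe(in_window=True)
    atr = card.atr()
    if measured is None:
        return "reject: network not released after reset"
    if card.release_ms > max_window_ms:
        return "reject: release time outside system window"
    # Step 33: encode the digitized measurement with the device's secret code.
    expected = encode(measured, secret)
    # Steps 34-35: compare with the characteristic value in the third ATR byte.
    if not hmac.compare_digest(bytes([expected]), bytes([atr[2]])):
        return "reject: characteristic value mismatch"
    return "authentic"


if __name__ == "__main__":
    value, bound_pin = personalize(5, DEMO_SECRET, b"1234")
    print(check_authenticity(Card(5, value), DEMO_SECRET))
    # Same memory contents on a chip whose network has another resistance:
    print(check_authenticity(Card(6, value), DEMO_SECRET))
    # Network permanently connected to contact 8 instead of gated:
    print(check_authenticity(Card(5, value, gated=False), DEMO_SECRET))
```

A single byte can take only 256 values, so the check rests on the secret code staying inside the device and on the measurement being taken from the chip itself rather than from its memory.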

FIG. 5 shows a further embodiment example of the inventive network present separately on the integrated circuit. In this variant there is test connection 14 for each fuse and each resistor, to which a high current, e.g. 500 mA, is applied to blow the fuse according to the desired coding, so that the combination of blown fuses yields a total resistance value characteristic of the resistor string. As in the first embodiment, fuses 12 are parallel-connected with resistors 13 series-connected between measuring connection 8 and the ground connection. In comparison to the first embodiment one can dispense with control logic 10 and switches 11 in this variant. After the chip has been tested and the network coded accordingly, test connections 14 are switched off after the coding operation. This can be done by simply disconnecting the test connections mechanically. Since the test contacts are already available after production and during the wafer test, the network provided separately on the integrated circuit can be realized in simple fashion, for example in the form of a resistor string.

FIG. 6 shows a greatly schematized view for clarity's sake of data carrier 1 with internal means 5 for checking the electric state of circuit 24 having at least one fuse 4, e.g. for protecting sensitive areas of the data carrier. After the chip has been tested and found good and after e.g. the desired coding of the authenticity feature of the integrated circuit has taken place, fuse 4 is burned out, being thereby brought from the electroconductive to the nonconductive state. Circuit 24 can of course also have further elements for controlling burning out, which are familiar to the expert and omitted here for simplicity's sake. For checking the electric state of fuse 4 an external signal, e.g. the supply voltage or the clock signal of the integrated circuit, is fed in via outer contact surface 3 electrically connected with the input of the fuse, and compared with the signal received at the output of the fuse by means of first comparator 5. The result of comparison of the first comparator is written into memory 16, e.g. RAM, as a characteristic value e.g. after each application of the external signal. The result of comparison located in the RAM can be transferred in the answer to reset signal (ATR) from the data carrier to a card reading device for authenticity testing. The RAM state can be compared with reference information by means of further comparator 5 at each operation of the data carrier. The reference information is e.g. a value representative of the electroconductive state of fuse 4, and is stored in nonvolatile memory unit 6 of the data carrier protected against external access. If there is agreement with the reference information, i.e. if fuse 4 assumes an improper electroconductive state after burning out, second comparator 5 produces a corresponding blocking signal which can be used to block the circuit irreversibly.
For this purpose, information characterizing the blockage is written for example into a certain area of nonvolatile memory 6 of the integrated circuit protected from external access. At each initialization of the data carrier this certain memory area is interrogated by the integrated circuit, and upon ascertainment of the blocking information the control unit of the integrated circuit is for example reset to the hold state or to the beginning of the program. In this case an error message is issued which permits no conclusion to be drawn that fuse 4 has the improper, i.e. electroconductive, state. The error message can e.g. be passed along with the data exchange protocol stipulated between the data carrier and a device in a way not recognizable to an outside third party, e.g. in the authenticity signal for a debit card or in the message "Units used up" for a memory card.
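
The internal fuse check and the irreversible blocking described for FIG. 6 are modelled in the Python sketch below, which is an added illustration and not part of the patent text. The `Chip` class, the clock sample pattern and the pull-down behaviour of a properly blown fuse are assumptions; the "Units used up" response is the memory-card message named above.

```python
from dataclasses import dataclass

CONDUCTIVE = 1                 # reference information in nonvolatile memory 6
NEUTRAL_ERROR = "Units used up"  # message that reveals nothing about fuse 4


@dataclass
class Chip:
    fuse_conducts: bool    # physical state of fuse 4 (True is the improper state)
    blocked: bool = False  # blocking information latched in nonvolatile memory 6
    ram_value: int = 0     # result of the first comparison, held in memory 16

    def _fuse_output(self, level: int) -> int:
        # Assumption: behind a properly blown fuse the line is pulled low.
        return level if self.fuse_conducts else 0

    def operate(self) -> str:
        """One operation of the data carrier, including the fuse check."""
        # The blocking area is interrogated first at every initialization.
        if self.blocked:
            return NEUTRAL_ERROR
        # First comparison: does the fuse output follow the fed-in clock?
        # High samples are needed; a low sample matches even when blown.
        samples = (1, 0, 1, 0)
        follows = all(self._fuse_output(s) == s for s in samples)
        self.ram_value = 1 if follows else 0
        # Second comparison: agreement with the reference means the fuse is
        # conductive (faulty burning or later bridging), so block for good.
        if self.ram_value == CONDUCTIVE:
            self.blocked = True
            return NEUTRAL_ERROR
        return "ready"


if __name__ == "__main__":
    good = Chip(fuse_conducts=False)
    print(good.operate())      # properly blown fuse: normal operation

    bridged = Chip(fuse_conducts=True)
    print(bridged.operate())   # conductive fuse detected: neutral error
    bridged.fuse_conducts = False
    print(bridged.operate())   # bridge removed again: still blocked
```
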

I claim:
 1. A system for testing the authenticity of a data carrier, comprising: a data carrier (1) having at least one integrated circuit element, said integrated circuit element having memory units (6, 16), logic units (15), and communication elements (3), said integrated circuit element having a circuit portion (9, 24) which is unitary with said integrated circuit element but separate from said memory units, logic units and communication elements, said circuit portion having means for providing a plurality of electrical states to said circuit portion and for adjusting the electrical state among said plurality of electrical states, said circuit portion having means for establishing a given electrical state of said circuit portion, thereby to establish a characteristic value for the data carrier, one of said circuit portion and said integrated circuit element having means for preventing further adjustment of said circuit portion from said given electrical state; apparatus (18) having an access via said communication elements (3) to at least partial areas of the memory units (6, 16) for reading and/or writing data; and means (5, 19) for determining the electrical state of said circuit portion, thereby to authenticate the data carrier by the characteristic value established by said circuit portion.
 2. The system of claim 1, characterized in that the circuit portion (9) includes at least one network comprising passive components.
 3. The system of claim 2 characterized in that said network comprises a binomially coded resistor string and wherein the electrical state of said circuit portion is the total resistance of the resistor string.
 4. The system of claim 1 characterized in that said means (19) for determining the electrical state of said circuit portion is part of an apparatus (18) which has encrypting means (20) for encoding the determined electrical state of said circuit portion (9), and wherein said memory unit (16) of the data carrier contains the encoded electrical state of said circuit portion as the characteristic value for the data carrier.
 5. The system of claim 4, characterized in that the characteristic value is transferred from the data carrier (1) to the apparatus (18) as the third byte in an answer to reset (ATR) signal.
 6. The system of claim 5, characterized in that the apparatus (18) has a comparator (21) for comparing the received characteristic value with the electrical state of the circuit (9) measured and encoded by the apparatus (18), the comparison taking place at each operation of the data carrier (1).
 7. The system of claim 1 wherein said data carrier is further defined as allowing the determination of the electrical state of said circuit portion to occur only at a certain time and for a time period of predetermined duration.
 8. The system of claim 7 wherein said logic unit (15) of the data carrier (1) controls said time certain and period of predetermined duration as system-specific parameters in accordance with a signal received from said apparatus (18), and wherein said apparatus is further defined as verifying whether said system-specific parameters fulfill predetermined conditions.
 9. The system of claim 8 characterized in that said apparatus (18) provides said signal to said data carrier (1) as a reset signal and wherein said logic unit (15) is further defined as releasing the electrical state of said circuit portion (9) for external measurement by means of a switching element (17) of the data carrier from the time of receipt of said reset signal up to the time of an answer to reset (ATR) signal transmitted from said data carrier to said apparatus.
 10. The system of claim 1, characterized in that the circuit portion (24) has at least one fuse (4) which is brought by burning out irreversibly from the electroconductive to the nonconductive state, thereby protecting sensitive areas of the data carrier (1) from external access.
 11. The system of claim 10, characterized in that the data carrier (1) has means (5) for checking the electric property of the fuse, whereby an external signal is fed in via a communication element (3) of the integrated circuit element connected with an input of the fuse (4) and this is compared at an output of the fuse (4) with the fed-in signal and the result of comparison is written into a memory unit area (16) of the data carrier as a characteristic value.
 12. The system of claim 11 characterized in that said means (5) for checking the electric property of the fuse is further defined as employing an external signal that is essential for operating the integrated circuit element.
 13. The system of claim 11 wherein said data carrier provides an answer to reset (ATR) signal containing a characteristic value and wherein said characteristic value for the data carrier is provided to said apparatus to authenticate the data carrier during each operation of the data carrier.
 14. The system of claim 11 wherein said integrated circuit element is characterized in that a characteristic value is compared with internally stored reference information in the integrated circuit element of said data carrier (1) and operation of the integrated circuit element is blocked if an improper electrical state of said fuse (4) has been ascertained.
 15. The system of claim 14 wherein said data carrier is further defined as transferring an error message to said apparatus (18) upon blocked operation of said integrated circuit element, said error message permitting no conclusion to be drawn of the electrical state of said fuse (4).
 16. A data carrier suitable for use with apparatus for testing the authenticity of the data carrier, said data carrier (1) having at least one integrated circuit element, said integrated circuit element having memory units (6, 16), logic units (15), and communication elements (3) for communication with the testing apparatus, said integrated circuit element having a circuit portion (9, 24) which is unitary with said integrated circuit element but separate from said memory units, logic units, and communication elements, said circuit portion having means for providing a plurality of electrical states to said circuit portion and for adjusting the electrical state among said plurality of electrical states, said circuit portion having means for establishing a given electrical state of said circuit portion, thereby to establish a characteristic value for the data carrier for use in authenticating said data carrier, one of said circuit portion and said integrated circuit element having means for preventing further adjustment of said circuit portion from said given electrical state.
 17. The data carrier of claim 16, characterized in that the circuit portion (9) includes at least one network comprising passive components.
 18. The data carrier of claim 2, characterized in that the circuit system (24) has at least one fuse (4) which is brought by burning out irreversibly from the electroconductive to the nonconductive state, thereby protecting sensitive areas of the data carrier (1) from external access.
 19. The data carrier of claim 5, characterized in that the data carrier (1) has means (5) for checking the electric property of the fuse.